Mikkel
2012-Jun-14 08:14 UTC
[Dovecot] disable_plaintext_auth = no has no effect on IMAP/POP3 logins
Hello
In my installation the disable_plaintext_auth does not appear to take
effect.
I can see that the value is correct using doveconf -a but it doesn't
change anything.
Whenever attempting to log in using IMAP I get this:
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but
your client did it anyway. If anyone was listening, the password was
exposed.
ls NO [PRIVACYREQUIRED] Plaintext authentication disallowed on
non-secure (SSL/TLS) connections.
POP3 login attempts give this error:
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections
Besides adding disable_plaintext_auth=no to dovecot.conf I also tried
adding it specifically to the imap section.
I also tried to invoke it just for certain networks, like this:
remote 0.0.0.0 {
disable_plaintext_auth = no
}
But none of this has any effect either. Adding the test network as a
trusted network (login_trusted_networks) works fine and removes the error.
But I would rather not add the whole internet to the trusted networks
just to allow plain-text logins over IMAP.
I'm in the process of migrating from 1.1 to 2.1, so this configuration is
for testing things out and is mainly based on the default configuration
files that come with the CentOS installation.
I should add that everything else in this setup is working fine.
I did many searches for information on this topic, but nothing I could
find applied to my case.
I'm sorry to post such a long conf but I'm not sure what parts I could
have safely omitted.
Here goes:
# doveconf -a
# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.17.1.el6.x86_64 x86_64 CentOS release 6.2 (Final)
# `doveconf -a` prints every setting with its effective value, defaults
# included, after all included files have been merged.
# NOTE: in this archived copy a setting whose value is empty appears merged
# with the line that follows it (e.g. `auth_gssapi_hostname auth_krb5_keytab
# auth_last_valid_uid = 0` was three settings, the first two empty).
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 2 mins
auth_cache_size = 0
auth_cache_ttl = 2 mins
auth_debug = no
# Password values are not written to the debug log.
auth_debug_passwords = no
auth_default_realm = plain
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname auth_krb5_keytab auth_last_valid_uid = 0
# Only the PLAIN mechanism is offered, so the password itself crosses the
# connection; its confidentiality depends entirely on SSL/TLS being active.
auth_master_user_separator auth_mechanisms = plain
auth_realms = plain login digest-md5 cram-md5 apop ntlm
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation auth_verbose = no
# Attempted passwords are not included in failed-login log lines.
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config director_doveadm_port = 0
director_mail_servers director_servers director_user_expire = 15 mins
# The effective value really is `no`, yet cleartext logins are still refused:
# `ssl = required`, further down in this same dump, takes precedence and
# rejects any authentication attempted before SSL/TLS is active.
disable_plaintext_auth = no
dotlock_use_excl = no
doveadm_allowed_commands doveadm_password doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
first_valid_gid = 1
first_valid_uid = 105
hostname = usrmta01.talkactive.net
imap_capability imap_client_workarounds imap_id_log imap_id_send
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_host imapc_master_user imapc_password imapc_port = 143
imapc_rawlog_dir imapc_ssl = no
imapc_ssl_ca_dir imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ
info_log_path = /var/log/dovecot/dovecot.run
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header libexec_dir = /usr/libexec/dovecot
listen = *, ::
lmtp_proxy = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = /var/log/dovecot/dovecot.err
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
login_trusted_networks mail_access_groups mail_attachment_dir mail_attachment_fs
= sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot mail_debug = no
mail_fsync = always
mail_full_filesystem_access = no
mail_gid mail_home mail_location mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugin_dir = /usr/lib64/dovecot
mail_plugins = quota
mail_prefetch_count = 0
mail_privileged_group mail_save_crlf = no
mail_temp_dir = /tmp
mail_uid mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
master_user_separator mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = yes
namespace inbox {
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location mailbox Drafts {
auto = no
special_use = \Drafts
}
mailbox Junk {
auto = no
special_use = \Junk
}
mailbox Sent {
auto = no
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Trash {
auto = no
special_use = \Trash
}
prefix separator subscriptions = yes
type = private
}
passdb {
args = /local/config/dovecot-sql.conf
default_fields deny = no
driver = sql
master = no
override_fields pass = no
}
plugin {
quota = maildir
quota_rule2 = Trash:storage=+10M:messages=+100
quota_warning = storage=80%% /local/scripts/quota-warning.sh 80
sieve_extensions = +imapflags +notify
trash = /local/config/dovecot-trash.conf
}
pop3_client_workarounds pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_format = %08Xu%08Xv
pop3c_host pop3c_password pop3c_port = 110
pop3c_rawlog_dir pop3c_ssl = no
pop3c_ssl_ca_dir pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address protocols = imap pop3 lmtp
quota_full_tempfail = no
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
sendmail_path = /usr/sbin/sendmail
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups group idle_kill = 4294967295 secs
privileged_group process_limit = 1
process_min_avail = 1
protocol service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group mode = 0600
user }
unix_listener anvil {
group mode = 0600
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service auth-worker {
chroot client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 1
type unix_listener auth-worker {
group mode = 0600
user = $default_internal_user
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
# Authentication service. NOTE: empty-valued settings are merged with the
# following line in this archived copy (`group mode = 0600` was `group =`
# followed by `mode = 0600`; `user }` was `user =` followed by `}`).
service auth {
chroot client_limit = 0
drop_priv_before_exec = no
executable = auth
extra_groups group idle_kill = 0
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
# Auth socket placed under Postfix's private directory. Mode 0666 puts no
# restriction in the socket's own permission bits, so access control rests
# on the permissions of the containing directory.
# NOTE(review): confirm that directory is not reachable by ordinary users.
type unix_listener /var/spool/postfix/private/auth {
group mode = 0666
user }
unix_listener auth-client {
group mode = 0600
user }
unix_listener auth-login {
group mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group mode = 0600
user }
# Also mode 0666: any local account that can reach the socket path can open it.
# NOTE(review): check whether this is the shipped default or a local change.
unix_listener auth-userdb {
group mode = 0666
user }
unix_listener login/login {
group mode = 0666
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service config {
chroot client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type = config
unix_listener config {
group mode = 0600
user }
user vsz_limit = 18446744073709551615 B
}
service dict {
chroot client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type unix_listener dict {
group mode = 0600
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service director {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups fifo_listener login/proxy-notify {
group mode = 00
user }
group idle_kill = 4294967295 secs
inet_listener {
address port = 0
ssl = no
}
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type unix_listener director-admin {
group mode = 0600
user }
unix_listener director-userdb {
group mode = 0600
user }
unix_listener login/director {
group mode = 00
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dns_client {
chroot client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type unix_listener dns-client {
group mode = 0666
user }
unix_listener login/dns-client {
group mode = 0666
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service doveadm {
chroot client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 1
type unix_listener doveadm-server {
group mode = 0600
user }
user vsz_limit = 18446744073709551615 B
}
# Pre-authentication IMAP login service: runs as $default_login_user with
# chroot = login.
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups group idle_kill = 0
# Port 143 with ssl = no: the connection starts in cleartext and is only
# encrypted if the client issues STARTTLS. Presumably this is the listener
# that returned the [ALERT] / [PRIVACYREQUIRED] responses quoted in the post.
inet_listener imap {
address port = 143
ssl = no
}
# Port 993 with ssl = yes: TLS is negotiated before any IMAP traffic.
inet_listener imaps {
address port = 993
ssl = yes
}
privileged_group process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 0
type = login
user = $default_login_user
vsz_limit = 256 M
}
service imap {
chroot client_limit = 1
drop_priv_before_exec = no
executable = imap
extra_groups group idle_kill = 0
privileged_group process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type unix_listener login/imap {
group mode = 0666
user }
user vsz_limit = 256 M
}
service indexer-worker {
chroot client_limit = 1
drop_priv_before_exec = no
executable = indexer-worker
extra_groups group idle_kill = 0
privileged_group process_limit = 10
process_min_avail = 0
protocol service_count = 0
type unix_listener indexer-worker {
group mode = 0600
user = $default_internal_user
}
user vsz_limit = 18446744073709551615 B
}
service indexer {
chroot client_limit = 0
drop_priv_before_exec = no
executable = indexer
extra_groups group idle_kill = 0
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type unix_listener indexer {
group mode = 0666
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service ipc {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = ipc
extra_groups group idle_kill = 0
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type unix_listener ipc {
group mode = 0600
user }
unix_listener login/ipc-proxy {
group mode = 0600
user = $default_login_user
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service lmtp {
chroot client_limit = 1
drop_priv_before_exec = no
executable = lmtp
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type unix_listener lmtp {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service log {
chroot client_limit = 0
drop_priv_before_exec = no
executable = log
extra_groups group idle_kill = 4294967295 secs
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type = log
unix_listener log-errors {
group mode = 0600
user }
user vsz_limit = 18446744073709551615 B
}
# Pre-authentication POP3 login service: runs as $default_login_user with
# chroot = login.
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups group idle_kill = 0
# Port 110 with ssl = no: cleartext unless the client upgrades with STLS.
# Presumably the listener that returned the "-ERR Plaintext authentication
# disallowed" response quoted in the post.
inet_listener pop3 {
address port = 110
ssl = no
}
# Port 995 with ssl = yes: TLS is negotiated before any POP3 traffic.
inet_listener pop3s {
address port = 995
ssl = yes
}
privileged_group process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service pop3 {
chroot client_limit = 1
drop_priv_before_exec = no
executable = pop3
extra_groups group idle_kill = 0
privileged_group process_limit = 1024
process_min_avail = 0
protocol = pop3
service_count = 1
type unix_listener login/pop3 {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service ssl-params {
chroot client_limit = 0
drop_priv_before_exec = no
executable = ssl-params
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type = startup
unix_listener login/ssl-params {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups fifo_listener stats-mail {
group mode = 0600
user }
group idle_kill = 4294967295 secs
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type unix_listener stats {
group mode = 0600
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
# This is the setting behind the "Plaintext authentication disallowed" errors:
# with `required`, Dovecot rejects any authentication attempted before SSL/TLS
# is active, regardless of disable_plaintext_auth. The follow-up message in
# this thread traces it to /etc/dovecot/conf.d/10-ssl.conf.
ssl = required
# A leading `<` means the value is read from the named file.
ssl_ca ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cert_username_field = commonName
# Everything OpenSSL offers except LOW, SSLv2, EXPORT and anonymous suites.
# NOTE(review): broad by current standards; tighten before reusing this config.
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_cert ssl_client_key ssl_crypto_device ssl_key =
</etc/pki/dovecot/private/dovecot.pem
ssl_key_password ssl_parameters_regenerate = 1 weeks
# Only SSLv2 is excluded here; SSLv3 is not disabled by this value.
ssl_protocols = !SSLv2
# Client certificates are not requested or verified.
ssl_verify_client_cert = no
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_session_min_time = 15 mins
stats_user_min_time = 1 hours
submission_host syslog_facility = mail
userdb {
args default_fields driver = prefetch
override_fields }
userdb {
args = /local/config/dovecot-sql.conf
default_fields driver = sql
override_fields }
valid_chroot_dirs verbose_proctitle = no
verbose_ssl = no
version_ignore = no
protocol lda {
mail_plugins = quota quota sieve trash
}
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
tb-lsub-flags
imap_logout_format = bytes=%i/%o
mail_plugins = quota quota imap_quota trash
}
protocol pop3 {
mail_plugins = quota quota
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_uidl_format = %08Xu%08Xv
}
Regards, Mikkel
Mikkel
2012-Jun-14 09:15 UTC
[Dovecot] disable_plaintext_auth = no has no effect on IMAP/POP3 logins
I just found the solution by coincidence.

There is a configuration file named /etc/dovecot/conf.d/10-ssl.conf, and in that file the following line was active:

ssl = required

That setting apparently overrides what disable_plaintext_auth has to say: with ssl = required, logins attempted before SSL/TLS is active are refused whatever disable_plaintext_auth is set to. (The doveconf -a output quoted below does list ssl = required, so the effective value was visible there.)

After commenting out the ssl = required entry everything works as expected :-)
Note that with auth_mechanisms = plain, as in the dump, logins on ports 143 and 110 that do not use STARTTLS now send the password unencrypted, which is what the [ALERT] message warns about.

Regards, Mikkel

Den 14/06/12 10.14, Mikkel skrev:
> Hello
>
> In my installation the disable_plaintext_auth does not appear to take
> effect.
> I can see that the value is correct using doveconf -a but it doesn't
> change anything.
>
> Whenever attempting to log in using IMAP I get this:
> * BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but
> your client did it anyway. If anyone was listening, the password was
> exposed.
> ls NO [PRIVACYREQUIRED] Plaintext authentication disallowed on
> non-secure (SSL/TLS) connections.
>
> POP3 login attempts give this error:
> -ERR Plaintext authentication disallowed on non-secure (SSL/TLS)
> connections
>
> Besides adding disable_plaintext_auth=no to dovecot.conf I also tried
> adding it specifically to the imap section.
> I also tried to invoke it just for certain networks, like this:
>
> remote 0.0.0.0 {
> disable_plaintext_auth = no
> }
>
> But none of this takes any effect either. Adding the testing network as
> trusted networks is working fine removing the error.
> But I would rather not add the whole internet to the trusted network
> section just to allow plain text logins in imap.
>
> I'm in the process of migrating form 1.1 to 2.1 so this configuration is
> for testing things out and is mainly based on the default configuration
> files comming with the centos installation.
> I should add that everything else in this setup is working fine.
>
>
> I did many searches for information on this topic but nothing I could
> find apply to my case.
>
> I'm sorry to post such a long conf but I'm not sure what parts I could
> have safely omitted.
> Here goes: > > > # doveconf -a > # 2.1.1: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-220.17.1.el6.x86_64 x86_64 CentOS release 6.2 (Final) > auth_anonymous_username = anonymous > auth_cache_negative_ttl = 2 mins > auth_cache_size = 0 > auth_cache_ttl = 2 mins > auth_debug = no > auth_debug_passwords = no > auth_default_realm = plain > auth_failure_delay = 2 secs > auth_first_valid_uid = 500 > auth_gssapi_hostname > auth_krb5_keytab > auth_last_valid_uid = 0 > auth_master_user_separator > auth_mechanisms = plain > auth_realms = plain login digest-md5 cram-md5 apop ntlm > auth_socket_path = auth-userdb > auth_ssl_require_client_cert = no > auth_ssl_username_from_cert = no > auth_use_winbind = no > auth_username_chars > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ > auth_username_format = %Lu > auth_username_translation > auth_verbose = no > auth_verbose_passwords = no > auth_winbind_helper_path = /usr/bin/ntlm_auth > auth_worker_max_count = 30 > base_dir = /var/run/dovecot > config_cache_size = 1 M > debug_log_path > default_client_limit = 1000 > default_idle_kill = 1 mins > default_internal_user = dovecot > default_login_user = dovenull > default_process_limit = 100 > default_vsz_limit = 256 M > deliver_log_format = msgid=%m: %$ > dict_db_config > director_doveadm_port = 0 > director_mail_servers > director_servers > director_user_expire = 15 mins > disable_plaintext_auth = no > dotlock_use_excl = no > doveadm_allowed_commands > doveadm_password > doveadm_proxy_port = 0 > doveadm_socket_path = doveadm-server > doveadm_worker_count = 0 > dsync_alt_char = _ > first_valid_gid = 1 > first_valid_uid = 105 > hostname = usrmta01.talkactive.net > imap_capability > imap_client_workarounds > imap_id_log > imap_id_send > imap_idle_notify_interval = 2 mins > imap_logout_format = in=%i out=%o > imap_max_line_length = 64 k > imapc_host > imapc_master_user > imapc_password > imapc_port = 143 > imapc_rawlog_dir > imapc_ssl = no > imapc_ssl_ca_dir > 
imapc_ssl_verify = yes > imapc_user = %u > import_environment = TZ > info_log_path = /var/log/dovecot/dovecot.run > instance_name = dovecot > last_valid_gid = 0 > last_valid_uid = 0 > lda_mailbox_autocreate = no > lda_mailbox_autosubscribe = no > lda_original_recipient_header > libexec_dir = /usr/libexec/dovecot > listen = *, :: > lmtp_proxy = no > lmtp_save_to_detail_mailbox = no > lock_method = fcntl > log_path = /var/log/dovecot/dovecot.err > log_timestamp = "%b %d %H:%M:%S " > login_access_sockets > login_greeting = Dovecot ready. > login_log_format = %$: %s > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > login_trusted_networks > mail_access_groups > mail_attachment_dir > mail_attachment_fs = sis posix > mail_attachment_hash = %{sha1} > mail_attachment_min_size = 128 k > mail_cache_fields = flags > mail_cache_min_mail_count = 0 > mail_chroot > mail_debug = no > mail_fsync = always > mail_full_filesystem_access = no > mail_gid > mail_home > mail_location > mail_log_prefix = "%s(%u): " > mail_max_keyword_length = 50 > mail_max_lock_timeout = 0 > mail_max_userip_connections = 10 > mail_never_cache_fields = imap.envelope > mail_nfs_index = yes > mail_nfs_storage = yes > mail_plugin_dir = /usr/lib64/dovecot > mail_plugins = quota > mail_prefetch_count = 0 > mail_privileged_group > mail_save_crlf = no > mail_temp_dir = /tmp > mail_uid > mailbox_idle_check_interval = 30 secs > mailbox_list_index = no > maildir_broken_filename_sizes = no > maildir_copy_with_hardlinks = yes > maildir_stat_dirs = no > maildir_very_dirty_syncs = no > master_user_separator > mbox_dirty_syncs = yes > mbox_dotlock_change_timeout = 2 mins > mbox_lazy_writes = yes > mbox_lock_timeout = 5 mins > mbox_md5 = apop3d > mbox_min_index_size = 0 > mbox_read_locks = fcntl > mbox_very_dirty_syncs = no > mbox_write_locks = fcntl > mdbox_preallocate_space = no > mdbox_rotate_interval = 0 > mdbox_rotate_size = 2 M > mmap_disable = yes > namespace inbox { > hidden = no > 
ignore_on_failure = no > inbox = yes > list = yes > location > mailbox Drafts { > auto = no > special_use = \Drafts > } > mailbox Junk { > auto = no > special_use = \Junk > } > mailbox Sent { > auto = no > special_use = \Sent > } > mailbox "Sent Messages" { > auto = no > special_use = \Sent > } > mailbox Trash { > auto = no > special_use = \Trash > } > prefix > separator > subscriptions = yes > type = private > } > passdb { > args = /local/config/dovecot-sql.conf > default_fields > deny = no > driver = sql > master = no > override_fields > pass = no > } > plugin { > quota = maildir > quota_rule2 = Trash:storage=+10M:messages=+100 > quota_warning = storage=80%% /local/scripts/quota-warning.sh 80 > sieve_extensions = +imapflags +notify > trash = /local/config/dovecot-trash.conf > } > pop3_client_workarounds > pop3_enable_last = no > pop3_fast_size_lookups = no > pop3_lock_session = no > pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s > pop3_no_flag_updates = no > pop3_reuse_xuidl = no > pop3_save_uidl = no > pop3_uidl_format = %08Xu%08Xv > pop3c_host > pop3c_password > pop3c_port = 110 > pop3c_rawlog_dir > pop3c_ssl = no > pop3c_ssl_ca_dir > pop3c_ssl_verify = yes > pop3c_user = %u > postmaster_address > protocols = imap pop3 lmtp > quota_full_tempfail = no > recipient_delimiter = + > rejection_reason = Your message to <%t> was automatically rejected:%n%r > rejection_subject = Rejected: %s > sendmail_path = /usr/sbin/sendmail > service anvil { > chroot = empty > client_limit = 0 > drop_priv_before_exec = no > executable = anvil > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 1 > protocol > service_count = 0 > type = anvil > unix_listener anvil-auth-penalty { > group > mode = 0600 > user > } > unix_listener anvil { > group > mode = 0600 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service auth-worker { > chroot > client_limit = 1 > 
drop_priv_before_exec = no > executable = auth -w > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 1 > type > unix_listener auth-worker { > group > mode = 0600 > user = $default_internal_user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service auth { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = auth > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener /var/spool/postfix/private/auth { > group > mode = 0666 > user > } > unix_listener auth-client { > group > mode = 0600 > user > } > unix_listener auth-login { > group > mode = 0600 > user = $default_internal_user > } > unix_listener auth-master { > group > mode = 0600 > user > } > unix_listener auth-userdb { > group > mode = 0666 > user > } > unix_listener login/login { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service config { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = config > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type = config > unix_listener config { > group > mode = 0600 > user > } > user > vsz_limit = 18446744073709551615 B > } > service dict { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = dict > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener dict { > group > mode = 0600 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service director { > chroot = . 
> client_limit = 0 > drop_priv_before_exec = no > executable = director > extra_groups > fifo_listener login/proxy-notify { > group > mode = 00 > user > } > group > idle_kill = 4294967295 secs > inet_listener { > address > port = 0 > ssl = no > } > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener director-admin { > group > mode = 0600 > user > } > unix_listener director-userdb { > group > mode = 0600 > user > } > unix_listener login/director { > group > mode = 00 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service dns_client { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = dns-client > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener dns-client { > group > mode = 0666 > user > } > unix_listener login/dns-client { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service doveadm { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = doveadm-server > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 1 > type > unix_listener doveadm-server { > group > mode = 0600 > user > } > user > vsz_limit = 18446744073709551615 B > } > service imap-login { > chroot = login > client_limit = 0 > drop_priv_before_exec = no > executable = imap-login > extra_groups > group > idle_kill = 0 > inet_listener imap { > address > port = 143 > ssl = no > } > inet_listener imaps { > address > port = 993 > ssl = yes > } > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = imap > service_count = 0 > type = login > user = $default_login_user > vsz_limit = 256 M > } > service imap { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = imap > extra_groups > group > 
idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = imap > service_count = 1 > type > unix_listener login/imap { > group > mode = 0666 > user > } > user > vsz_limit = 256 M > } > service indexer-worker { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = indexer-worker > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 10 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener indexer-worker { > group > mode = 0600 > user = $default_internal_user > } > user > vsz_limit = 18446744073709551615 B > } > service indexer { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = indexer > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener indexer { > group > mode = 0666 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service ipc { > chroot = empty > client_limit = 0 > drop_priv_before_exec = no > executable = ipc > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener ipc { > group > mode = 0600 > user > } > unix_listener login/ipc-proxy { > group > mode = 0600 > user = $default_login_user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > service lmtp { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = lmtp > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = lmtp > service_count = 0 > type > unix_listener lmtp { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service log { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = log > extra_groups > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 0 > 
protocol > service_count = 0 > type = log > unix_listener log-errors { > group > mode = 0600 > user > } > user > vsz_limit = 18446744073709551615 B > } > service pop3-login { > chroot = login > client_limit = 0 > drop_priv_before_exec = no > executable = pop3-login > extra_groups > group > idle_kill = 0 > inet_listener pop3 { > address > port = 110 > ssl = no > } > inet_listener pop3s { > address > port = 995 > ssl = yes > } > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol = pop3 > service_count = 1 > type = login > user = $default_login_user > vsz_limit = 18446744073709551615 B > } > service pop3 { > chroot > client_limit = 1 > drop_priv_before_exec = no > executable = pop3 > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 1024 > process_min_avail = 0 > protocol = pop3 > service_count = 1 > type > unix_listener login/pop3 { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service ssl-params { > chroot > client_limit = 0 > drop_priv_before_exec = no > executable = ssl-params > extra_groups > group > idle_kill = 0 > privileged_group > process_limit = 0 > process_min_avail = 0 > protocol > service_count = 0 > type = startup > unix_listener login/ssl-params { > group > mode = 0666 > user > } > user > vsz_limit = 18446744073709551615 B > } > service stats { > chroot = empty > client_limit = 0 > drop_priv_before_exec = no > executable = stats > extra_groups > fifo_listener stats-mail { > group > mode = 0600 > user > } > group > idle_kill = 4294967295 secs > privileged_group > process_limit = 1 > process_min_avail = 0 > protocol > service_count = 0 > type > unix_listener stats { > group > mode = 0600 > user > } > user = $default_internal_user > vsz_limit = 18446744073709551615 B > } > shutdown_clients = yes > ssl = required > ssl_ca > ssl_cert = </etc/pki/dovecot/certs/dovecot.pem > ssl_cert_username_field = commonName > ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL > ssl_client_cert > 
ssl_client_key > ssl_crypto_device > ssl_key = </etc/pki/dovecot/private/dovecot.pem > ssl_key_password > ssl_parameters_regenerate = 1 weeks > ssl_protocols = !SSLv2 > ssl_verify_client_cert = no > stats_command_min_time = 1 mins > stats_domain_min_time = 12 hours > stats_ip_min_time = 12 hours > stats_memory_limit = 16 M > stats_session_min_time = 15 mins > stats_user_min_time = 1 hours > submission_host > syslog_facility = mail > userdb { > args > default_fields > driver = prefetch > override_fields > } > userdb { > args = /local/config/dovecot-sql.conf > default_fields > driver = sql > override_fields > } > valid_chroot_dirs > verbose_proctitle = no > verbose_ssl = no > version_ignore = no > protocol lda { > mail_plugins = quota quota sieve trash > } > protocol imap { > imap_client_workarounds = delay-newmail tb-extra-mailbox-sep > tb-lsub-flags > imap_logout_format = bytes=%i/%o > mail_plugins = quota quota imap_quota trash > } > protocol pop3 { > mail_plugins = quota quota > pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s > pop3_uidl_format = %08Xu%08Xv > } > > > Regards, Mikkel